<?php
/*
  * This is the add.php file
  * This file is used to add a new employee
  * 添加员工
  */
// 引入数据库连接配置和连接函数
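include 'connect.php';

// Per-session CSRF token, generated once and compared on every POST below.
// NOTE(review): $_SESSION is used here without a session_start() call in this
// file — presumably connect.php starts the session; confirm.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$message = '';

// Only a form submission is processed; a plain GET just renders the form.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A request without the hidden field must be rejected like a mismatched
    // one. `?? ''` keeps a missing key from reaching hash_equals() as null,
    // which is a TypeError (a 500, not a rejection) on PHP 8.
    $submittedToken = (string) ($_POST['csrf_token'] ?? '');
    if (!hash_equals($_SESSION['csrf_token'], $submittedToken)) {
        http_response_code(403);
        die("CSRF token validation failed");
    }

    // Read the form fields; a missing field becomes '' instead of a warning.
    $name = trim((string) ($_POST['name'] ?? ''));
    $gender = (string) ($_POST['gender'] ?? '');
    $tel = trim((string) ($_POST['tel'] ?? ''));
    $department = trim((string) ($_POST['department'] ?? ''));
    $birthday = (string) ($_POST['birthday'] ?? '');
    $hire_date = (string) ($_POST['hire_date'] ?? '');

    // Refuse to add an employee whose phone number is already on file.
    $stmt = $conn->prepare("SELECT * FROM employees WHERE tel=?");
    $stmt->bind_param("s", $tel);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result->num_rows > 0) {
        // $tel is request data echoed back inside HTML: escape it so the
        // error banner cannot carry reflected markup.
        $safeTel = htmlspecialchars($tel, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $message = "<div class='alert alert-danger'>使用此电话<b>$safeTel</b>的员工已存在</div>";
    } else {
        // Insert the new record; all values are bound, never interpolated.
        $stmt_insert = $conn->prepare("INSERT INTO employees (name, gender, tel, department, birthday, hire_date) VALUES (?, ?, ?, ?, ?, ?)");
        $stmt_insert->bind_param("ssssss", $name, $gender, $tel, $department, $birthday, $hire_date);

        if ($stmt_insert->execute()) {
            $message = "<div class='alert alert-success'>员工添加成功</div>";
        } else {
            // Generic text on purpose: driver error details stay out of the page.
            $message = "<div class='alert alert-danger'>添加员工时出错，请稍后重试。</div>";
        }

        $stmt_insert->close();
    }

    $stmt->close();
}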
?>
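<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>添加员工</title>
    <!--bootstrap-->
    <script src="https://cdn.jsdelivr.net/npm/bootstrap/dist/js/bootstrap.min.js"></script>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<?php include 'nav.php'; ?>
<?php
// The fields below are re-filled from $_POST after a failed submit, so every
// request-derived value is escaped for an HTML attribute context before output.
$esc = static fn ($value): string => htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
// Allowed birthday range: the employee must be between 18 and 50 years old today.
$birthdayMin = date('Y-m-d', strtotime('-50 years'));
$birthdayMax = date('Y-m-d', strtotime('-18 years'));
?>
<div class="container mt-5">
    <form action="" method="post">
        <!-- Hidden CSRF token; the server compares it with the session copy before inserting. -->
        <input type="hidden" name="csrf_token" value="<?php echo $esc($_SESSION['csrf_token'] ?? ''); ?>">

        <div class="row">
            <div class="col-2 form-group">
                <label for="name" class="form-label">姓名</label>
                <input type="text" class="form-control" id="name" name="name" placeholder="输入姓名" value="<?php echo $esc($_POST['name'] ?? ''); ?>">
            </div>
            <div class="col-2 form-group">
                <label for="gender" class="form-label">性别</label>
                <div>
                    <input id="M" name="gender" type="radio" class="form-check-input" value="男" checked required="">
                    <label for="M">男</label>
                    <input id="F" name="gender" type="radio" class="form-check-input" value="女" required="">
                    <label for="F">女</label>
                </div>
            </div>
            <div class="col-2 form-group">
                <label for="tel" class="form-label">电话</label>
                <input type="tel" class="form-control" id="tel" name="tel" maxlength="11" value="<?php echo $esc($_POST['tel'] ?? ''); ?>">
            </div>
            <div class="col-2 form-group">
                <label for="department" class="form-label">部门</label>
                <input type="text" class="form-control" id="department" name="department" value="<?php echo $esc($_POST['department'] ?? ''); ?>">
            </div>
            <div class="col-2 form-group">
                <label for="birthday" class="form-label">生日</label>
                <input type="date" class="form-control" id="birthday" name="birthday" min="<?php echo $birthdayMin; ?>" max="<?php echo $birthdayMax; ?>" value="<?php echo $esc($_POST['birthday'] ?? ''); ?>" required>
            </div>
            <div class="col-2  form-group">
                <label for="hire_date" class="form-label">入职时间</label>
                <!-- Defaults to today; a previously posted value is not restored, as before. -->
                <input type="date" class="form-control" id="hire_date" name="hire_date" value="<?php echo date('Y-m-d'); ?>" required>
            </div>
        </div>
            <button type="submit" class="btn btn-primary mt-3">提交</button>
            <a href="all.php" class="btn btn-secondary mt-3">返回</a>
    </form>
</div>
<div class="container mt-3">
    <?php
    // $message is built server-side from fixed markup; any user data inside it
    // is expected to have been escaped where it was interpolated.
    echo $message;
    ?>
</div>
</body>
</html>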